Privacy Policy

1. Information We Collect

PCCVDI Solutions ("we", "our", "us", or the "Company"), incorporated and operating from Pashim Vihar, New Delhi, India, collects information in the following ways:

1.1 Information You Provide Directly

When you contact us, request a consultation, or engage our services, we may collect:

• Full name and professional title
• Work email address and phone number
• Company or organisation name
• Project requirements and business context you share with us
• Payment information (processed securely through third-party payment processors — we do not store card details)

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain technical information, including:

• IP address and approximate geographic location (country/city level)
• Browser type, version, and operating system
• Pages visited, time spent on pages, and navigation paths
• Referring URL (the page that linked you to our site)
• Device type (desktop, mobile, tablet)

1.3 Information from Service Engagements

During contracted IT service engagements, we may access systems, logs, and data strictly necessary to deliver the agreed services. Any such data is treated as confidential and governed by the applicable Service Agreement and Data Processing Agreement (DPA).

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To respond to enquiries, deliver contracted IT services, and provide technical support.
• Communication: To send service-related notifications, project updates, invoices, and relevant technical resources.
• Business Operations: For internal planning, capacity management, and financial administration.
• Website Improvement: To analyse website usage patterns and improve content, navigation, and performance.
• Legal Compliance: To fulfil obligations under applicable Indian law, including the IT Act 2000, the Digital Personal Data Protection Act 2023 (DPDP Act), and any applicable sectoral regulations.
• Marketing (with consent): To send newsletters, case studies, or event invitations where you have opted in. You may unsubscribe at any time.

We do not sell, trade, rent, or share your personal information with third parties for their own marketing purposes.

3. Legal Basis for Processing

Under the DPDP Act 2023 and applicable data protection principles, we process your personal data on one or more of the following bases:

• Consent: Where you have given explicit consent (e.g., marketing communications, cookie acceptance).
• Contract: Where processing is necessary to perform a contract with you or to take steps at your request prior to entering a contract.
• Legal Obligation: Where processing is required to comply with Indian law or regulatory requirements.
• Legitimate Interests: Where we have a legitimate business interest in processing (e.g., fraud prevention, website security) that does not override your rights and interests.

4. Data Sharing and Disclosure

We may share your information only in the following limited circumstances:

• Service Providers: Trusted third-party vendors who assist in operating our business (e.g., cloud hosting providers, email delivery services, accounting software). These providers are bound by data processing agreements and may only use your data to provide services to us.
• Professional Advisors: Lawyers, accountants, and auditors where necessary for legal or financial compliance.
• Legal Requirements: Where disclosure is required by law, court order, or government authority.
• Business Transfers: If PCCVDI Solutions undergoes a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction. We will notify affected parties prior to any such transfer.

5. Data Storage and Security

We store personal data on secure servers located primarily in India. Technical and organisational security measures include:

• TLS 1.2+ encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Role-based access controls limiting data access to authorised personnel only
• Regular security assessments and vulnerability scanning
• Multi-factor authentication for all internal system access
• Incident response procedures aligned with CERT-In guidelines

While we implement robust security measures, no internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected individuals and the relevant authorities in the event of a data breach as required by law.

6. Cookies and Tracking Technologies

Our website uses the following types of cookies:

• Essential Cookies: Necessary for the website to function properly. Cannot be disabled.
• Analytics Cookies: Google Analytics cookies that help us understand how visitors interact with our website. IP anonymisation is enabled. You may opt out via Google's opt-out browser add-on.
• Preference Cookies: Remember your settings and preferences for improved experience.

You can control and/or delete cookies through your browser settings. Disabling certain cookies may affect website functionality.

7. Your Rights Under the DPDP Act 2023

India's Digital Personal Data Protection Act 2023 grants you the following rights as a "Data Principal":

• Right to Access: The right to obtain a summary of personal data we hold about you and the processing activities undertaken.
• Right to Correction: The right to correct inaccurate or incomplete personal data.
• Right to Erasure: The right to request deletion of your personal data, subject to our legal obligations to retain certain data.
• Right to Grievance Redressal: The right to a timely response to any grievance regarding our processing of your personal data.
• Right to Nominate: The right to nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, please contact our Data Protection Officer at privacy@pccvdi.com. We will respond within 30 days.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy or as required by law:

• Contact form enquiries: 3 years from date of last interaction
• Client project data: Duration of engagement + 7 years (for legal and audit purposes)
• Invoice and billing data: 8 years (as required by the Income Tax Act 1961)
• Website analytics data: 26 months (Google Analytics default, with IP anonymisation)
• Marketing opt-in records: Until opt-out + 3 years

9. International Data Transfers

Primary data processing occurs within India. Where we use cloud service providers with infrastructure outside India (e.g., for CDN or email delivery), we ensure such transfers comply with applicable Indian data protection law and that adequate safeguards are in place through contractual protections.

10. Children's Privacy

Our services are directed exclusively at business professionals and are not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us personal data, we will delete it promptly. If you believe a minor has submitted data to us, please contact us immediately.

11. Changes to This Policy

We review and update this Privacy Policy periodically. Material changes will be:

• Communicated via email to active clients and newsletter subscribers
• Highlighted prominently on our website for 30 days following publication
• Reflected in an updated "Last updated" date at the top of this document

Continued use of our website or services after the effective date of any changes constitutes your acknowledgment of and agreement to the updated policy.

12. Contact Us

For any privacy-related queries, requests to exercise your rights, or to report a concern, please contact our Data Protection Officer: